-
Notifications
You must be signed in to change notification settings - Fork 5.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kep-sidecar-containers #2148
kep-sidecar-containers #2148
Conversation
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA. It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
IMO,
|
@rabbitfang Yeah I'm totally open to that idea, I merely presented this as a StrawMan based of some discussion I had with some sig-apps people at kubecon. I'll be interested if anyone else has any strong opinions on this |
I have a pretty strong preference for having sidecar and non-sidecar containers listed in the same place, because aside from end-of-lifecycle behavior they are identical (e.g. consume resources, expose ports). Having a separate container list for sidecars means we'd need to update lots of tooling that needs to inspect Container values but (1) doesn't care if they're sidecars or not (authorizers) or (2) can gracefully degrade if unaware of the sidecar field (dashboards, reports). |
/ok-to-test |
ok thanks for the feedback, sounds like |
Should |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm really keen on this proposal as we are currently using the common hacks to properly manage sidecars in jobs. Would be happy to help with implementation when we get to that point.
0f6ab63
to
f61cbb5
Compare
/sig node |
@kubernetes/sig-node-feature-requests, @dchen1107 , @derekwaynecarr, can you please take a look and let us know if you think the overall KEP is reasonable enough for merging, there are still a few outstanding issues/questions/details that need addressing but these could be addressed in follow up PRs. @kow3ns has approved this so we just need a LGTM and we can have this merged. |
@Joseph-Irving: Reiterating the mentions to trigger a notification: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
It's starting to look unlikely that this KEP will be merged before the 30th. If so I will open a new PR in https://github.com/kubernetes/enhancements and hopefully progress can be made over there. |
I think we can merge this. If we're mainly arguing about naming, just get it merged and follow-up. Is that the only major outstanding issue? |
We haven't had any feedback from sig-node on this since the 21st August unless somebody here is from sig-node and I didn't realise. It would be good for them to at least give it a thumbs up before merging as this will require kubelet changes. I personally would just love to get this all merged, but it's not my call. |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: kow3ns, thockin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
I would like to discuss this in a future sig-node meeting , can we get this on the agenda? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have no objection to solving the problem and understand the need. I feel like we may want to enable the pattern with more basic primitives, but maybe I am just the outlier.
``` | ||
Sidecars will be started before normal containers but after init, so that they are ready before your main processes start. | ||
|
||
This will change the Pod startup to look like this: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I feel like we are wanting to enforce a specific startup and shutdown sequence for containers in a pod spec, and rather than invent new types of containers with special meaning, we may as well have a graph that lets a container establish a Wants=, Requires=, Requisite=, Before=, After= style graph where a container can reference another named container in the pod spec. Validation can ensure no loops. I feel like we are slowly walking a path that will eventually just demand that, and we may as well explore it. New types of containers are very hard to reason about in kubelet when doing support.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Before=, After=
may mean that container should runs before some container, and runs alter some other container. and what does Wants=, Requires=, Requisite=
refer to?
IMO, expressing deps as a graph at least implies some relationship to
REstarts, and not just starts. ACK that doing something once would be
easier to support long-term. I'm hoping we can continue to beat back demand
for anything more than this. This is more than just ordering, there are
semantics here, too., e.g. around shutdown of sidecars.
|
kep-sidecar-containers
@derekwaynecarr, yeah it would be good to talk about this at a sig-node meeting again. @enisoc, who's the sig-apps sponsor, is away on leave until January so it's probably worth waiting until he's back. |
FYI I'm back as of today. Was there any further discussion outside this thread that I need to catch up on? |
No nothing else to catch up on. We currently have this KEP on the sig-node agenda for the 29th Jan if anyone is interested. Also this kep has now been moved over to kubernetes/enhancements and can be found here https://github.com/kubernetes/enhancements/blob/master/keps/sig-apps/sidecarcontainers.md . |
I must admit I have some concerns wrt to both proposal itself as well as the API. I'm feeling like the alternatives were not fully experimented. I'll try to show up on the sig-node meeting on Jan 29th to discuss this in depth. |
I will not make the sig-node call, but if the feature wants to be more than what is written here, I care and want to weigh in. |
@thockin I've opened up a new tracking issue for further discussion kubernetes/enhancements#753 if people want to follow along. |
|
||
### Risks and Mitigations | ||
|
||
You could set all containers to be `sidecar: true`, this seems wrong, so maybe the api should do a validation check that at least one container is not a sidecar. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why does this seem wrong ? Semantically yes, sidecar to what ? But practically it doesnt limit anything i think
This was added due to a comment from Istio long ago[1], but they don't need this anymore[2]. Furthermore, our use cases at Kinvolk also work just fine without this. [1]: kubernetes/community#2148 (comment) [2]: kubernetes#1913 (comment) Signed-off-by: Rodrigo Campos <rodrigo@kinvolk.io>
This was added due to a comment from Istio long ago[1], but they don't need this anymore[2]. Furthermore, our use cases at Kinvolk also work just fine without this. [1]: kubernetes/community#2148 (comment) [2]: kubernetes#1913 (comment) Signed-off-by: Rodrigo Campos <rodrigo@kinvolk.io>
This was added due to a comment from Istio long ago[1], but they don't need this anymore[2]. Furthermore, our use cases at Kinvolk also work just fine without this. [1]: kubernetes/community#2148 (comment) [2]: kubernetes#1913 (comment) Signed-off-by: Rodrigo Campos <rodrigo@kinvolk.io>
This is my initial thoughts on the concept of the sidecar container to address kubernetes/kubernetes#25908
Hopefully this can prompt some discussion around the issue as I think it's something that a fair amount of people would like to be addressed.